Google claims Manifest V3 focuses on security, privacy, performance and speed, but it could also be a problem for millions of Chrome browser extension users.
Google’s Manifest V3 was released in 2020. It was a significant step forward in security, privacy, and performance.
It took a while before the Electronic Frontier Foundation declared that MV3 was a “Bad” and it was officially released on December 9, 2021.Conflict of interest caused by Google’s control of both the dominant internet browser and the largest internet advertising network.“
EFF is correct. Google’s plans to MV3 are yet another reason why Google Chrome is not the best browser for Linux and Windows.
Let me explain.
What is Google Manifest V3? (MV3)
Manifest V3 Chrome Extensions (MV3)These guidelines describe how Google’s browser handles extensions. Developers can upload extensions to the Chrome Web Store as soon as they are ready. Chrome 8It was released on January 20, 2021. According to Google, MV3 is designed to help the company provide “improvements to security, performance and privacy—while preserving or extending the capability of extensions and keeping a webby developer experience.”
SEE: It’s time to ditch Chrome as the default browser for Android (TechRepublic)
On the surface, MV3 might be seen as a means of achieving a very protective end. Why? Because browser extension developers are making malicious tools to attack browser security. MV3 is a powerful tool to block web browser extensions. This is very good. This is very nice. It is also long overdue. It’s becoming a common occurrence to hear of another threat to web browser safety. And often, it is a problem with extensions.
Google’s guidance to prevent bad actors is a huge win for web browser security professionals. There’s a flip side to this coin.
Google Manifest V3 causes issues for developers and users
Many developers create extensions that millions upon millions of users rely on. There are many users who use adblockers and other extensions that prevent websites from collecting or using their data. The following is an example 2021 PageFair Adblock ReportFrom an advertising firm BlockthroughOn mobile browsers, 586 million people use ad blocking software. On desktop browsers, it is 257 millions. These are large numbers. These numbers will only increase as more sites use a greater percentage of ads. Is it possible to reduce the numbers so that Google can ignore them? Chrome users who use a browser that has ad-blocking extensions installed will be out of luck when MV3 is implemented.
This is complicated by the fact that MV3 can also negatively impact user privacy by preventing third-party tracking extensions from working. Chrome offers Incognito Mode which can prevent websites from tracking user activity. Google is aware that privacy is very important to users. Incognito Mode isn’t enough, as anyone who’s tried it knows. It doesn’t stop ads, but it does prevent tracking. While I don’t mind businesses using ads to promote themselves, it doesn’t stop them from doing so. Unfortunately, not all ads work the same way and some are quite malicious. Ad-blocking extensions are installed by many users to stop malicious ads from infecting computers. It’s a shame that MV3 could eliminate another tool that users can use to protect their privacy, and preserve the integrity of the devices they use.
Google’s argument for why Chrome should be abandoned is compelling from my point of view.
It’s more than users.
MV3 does not only cause problems for end-users. Developers might also be affected by MV3. EFF states that while Manifest V3 will not stop malicious extensions, it will hinder innovation, reduce extension capabilities, and affect real-world performance. Google has the right to ban remote hosted code, with some exceptions for things such as user scripts. However, this policy change didn’t have to be bundled in Manifest V3.
SEE: A feature comparison: Time tracking software (TechRepublic Premium).
The EFF is correct. Google should, with few exceptions, ban remote code. Not releasing guidance that is so restrictive for third-party extension functionality is the right way to go. And for developers, this could lead to many of them having to work with two different code bases—one for Chrome and one for all other browsers. Many developers will not accept this proposition.
Google does not want to allow the development or use of ad blocking extensions. It is unlikely. However, developers are being prevented from creating helpful (often non-malicious) addons by creating guidance. This puts them in a very awkward position. End users should have the freedom to use their browsers in any way they like. Chrome has an Incognito Mode that prevents tracking, which shows Google cares about privacy.
What can users do if Google’s MV3 blocks the creation of adblockers for Chrome?
Chrome should be stopped because of MV3.
If there were a universally agreed upon and enforceable set of rules that browser makers could follow for privacy and security, it would be similar to the safety standards that are established in countries like Canada. Unfortunately, it isn’t true.
Google and other browser manufacturers have invested too much time, capital, and resources into their creations for a third party. Google would also have to work with Apple, Microsoft and Mozilla as well as Brave, Brave, Vivaldi, Vivaldi, Opera, Brave, Brave, Brave, Vivaldi, and any other browser makers that may be interested in this issue. Again … not gonna happen.
A third party can also pose a problem because no one has the authority to oversee such a body. We all know how slow governments can implement such a change. This is technology, where changes happen in a blink of an eye. Even if a government were to get involved, it would likely have already reduced the need for it.
I don’t expect a third party taking control of this situation and neither should anyone else.
What can you do then? It is easy. Switch browsers. Switch to a browser that allows you to use ad blocking extensions or other extensions. This will prevent data collection. Switch to another browser, such as Firefox for Linux, macOS, Windows, or Safari (for macOS). Chrome-based browsers could cause problems with installing extensions.
Your web browser is your experience, security, and data. The final decision on what information can be added to enhance privacy and data usage should be made by you.
Jonathan Mayer is Princeton University’s assistant professor of computer sciences and public affairs. He said it best in “A Brief History of Computer Science.” Cite the EFF:
“A web browser should act for the user and protect their interests. Chrome is now a Google agent and not a user agent. It is the most popular web browser with no privacy protections. Chrome pushes users towards linking activities to a Google Account, and also implements intrusive advertising capabilities. Google’s most recent changes will remove Chrome privacy extensions despite academic research concluding that they are not necessary. These user-hostile choices are directly due to Google’s surveillance model, which is enabled by its dominance in the desktop browser market.